Vulnerabilities > Drupal > Drupal > 6.1

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2020-13672 Cross-site Scripting vulnerability in Drupal
Drupal core's sanitization API fails to properly filter cross-site scripting (XSS) under certain circumstances.
network
high complexity
drupal CWE-79
2.6
2019-11-07 CVE-2010-2473 Improper Input Validation vulnerability in Drupal
Drupal 6.x before 6.16 and 5.x before version 5.22 do not properly block users under certain circumstances.
network
drupal CWE-20
3.5
2019-11-07 CVE-2010-2472 Cross-site Scripting vulnerability in Drupal
The Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not properly sanitize the display of language codes and of native and English language names, which could allow an attacker to perform a cross-site scripting (XSS) attack.
network
drupal CWE-79
3.5
2019-11-07 CVE-2010-2250 Cross-site Scripting vulnerability in Drupal
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation, which could allow an attacker to craft a URL and perform a cross-site scripting attack.
network
drupal CWE-79
4.3
2019-11-06 CVE-2010-2471 Open Redirect vulnerability in multiple products
Drupal versions 5.x and 6.x have an open redirect vulnerability.
5.8
2018-03-29 CVE-2018-7600 Improper Input Validation vulnerability in multiple products
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
network
low complexity
drupal debian CWE-20
7.5
2017-09-13 CVE-2015-2750 Open Redirect vulnerability in multiple products
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.
5.8
2017-09-13 CVE-2015-2749 Open Redirect vulnerability in multiple products
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
5.8
2016-04-12 CVE-2016-3171 Data Processing Errors vulnerability in multiple products
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
6.8
2016-04-12 CVE-2016-3169 Permissions, Privileges, and Access Controls vulnerability in multiple products
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
6.8